Aegis Secure Key 3.0 User’s Manual Remember to save your PIN in a safe place. If PIN is lost or forgotten, there will be no way to access data on the key.
Table of Contents About the Aegis Secure Key 3.
Copyright © Apricorn, Inc 2014. All rights reserved. Windows is a registered trademark of Microsoft Corporation. All other trademarks and copyrights referred to are the property of their respective owners. Distribution of modified versions of this document is prohibited without the explicit permission of the copyright holder. Distribution of the work or derivative work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder.
About the Aegis Secure Key 3.0 Important: With its flash key size, the Aegis Secure Key also has relatively small buttons. For greater ease and better control of key commands, enter all PINs and command codes onto the Secure Key’s keypad PRIOR to plugging the device into the USB port for use. Failure to do so may damage the USB port and cause the key to not function properly. 3 2 1 Note: It’s normal for this device to be warm to the touch during use.
First-Time Use Each Aegis Secure Key is shipped without a preset Personal Identification Number (PIN) installed on the key. A 7 to 16-digit Admin PIN must be established before the key can be used. This Admin PIN can be used to set any and all of the Admin Mode Features of the key, as well as to access the key’s data. To Set Up the Admin PIN: 1. Wake up the key by pressing the UNLOCK button. Both the BLUE and GREEN LEDs will glow solidly. 2. Press UNLOCK + 9 at the same time.
Waking the Key When the key is not in use, it will enter a sleep state. While in this state, the key is locked and cannot be accessed. To wake the key so it can accept keypad inputs, press the UNLOCK button once. The RED LED will glow solidly (standby state.) Note: If the key has never been used, the BLUE and GREEN LEDs will glow solidly indicating that the Admin PIN must first be established before the key can be used. Unlocking the Key 1.
Adding a User PIN The Aegis Secure Key can have one Admin and one User, making a total of two working PINs. Adding a User is a perfect way to securely share the key or deploy it for use where the User does not require access to the Admin features. While the User has limited functionality and no Admin rights to the key, they can still access the key’s data, change their PIN, and set the key to Read Only or Read / Write mode. Note: adding a User PIN can only be done within the Admin mode.
Changing the Admin PIN Changes to the Admin PIN can only be made while the key is in the Admin mode. 1. Enter the Admin mode. (Hold UNLOCK + 0 for five seconds – with the RED LED blinking, enter the Admin PIN and press the UNLOCK button.) The BLUE LED will glow solidly. 2. Press UNLOCK + 9. The BLUE LED will glow solidly and the GREEN LED will blink. 3. Enter the new Admin PIN and press the UNLOCK button. The GREEN LED will blink three times. 4. Re-enter the new Admin PIN and press the UNLOCK button.
Setting Read-Only or Read / Write From the User Mode NOTE: When changing Read-Only or Read / Write settings, do not make these changes with the key attached to an operating system. This may cause confusion within the operating system about the proper status of the key and the key may not function properly until the operating system has been restarted. This mode will allow the User to set the Read / Write status of the key, without having access to the Admin functions.
Setting the Unattended Auto-Lock Feature To protect against unauthorized access if the key is unlocked and unattended, the Aegis Secure Key can be set to automatically lock after a predetermined period of inactivity. In its default state, the Aegis Secure Key’s Unattended Auto-Lock feature is turned off. The Unattended Auto-Lock can be set to activate after 5, 10 or 20 minutes of inactivity. To set the Unattended Auto-Lock, perform the following steps: 1. Enter the Admin mode.
Setting a Self-Destruct PIN For certain users, it’s important to have a “last-resort” level of security where sensitive data falling into the wrong hands would be catastrophic. The Secure Key’s Self-Destruct PIN defends against physically compromising situations by erasing the key’s contents, leaving it to look as if it never had any data written to it.
Aegis Secure Key Brute-Force Protection What is Brute-Force Attack? A Brute-Force Attack is a means of breaching a cryptographic data defense scheme by systematically running an astronomical number of decryption possibilities. With AES 256 having never been cracked, the data stored on a Secure Key is going to be more than well-protected against brute-force. But brute-force attacks aren’t necessarily aimed at the bulk of the data itself, but rather, at the drive’s access PINs.
Performing a Complete Reset NOTE: A complete reset will erase encryption keys and PINs and leave the Secure Key in an unformatted condition. There may be circumstances (forgotten PIN, redeployment, return to factory default settings) when you need to completely reset the key. The complete reset feature will perform a crypto-erase on the key, generate a new encryption key, delete all users, and return all of the settings to factory default. To perform a complete reset of the key, perform the following: 1.
Initializing and Formatting the Aegis Secure Key After a Complete Reset A complete reset of the Aegis Secure Key will erase all information and partition settings. You will need to initialize and format the Aegis Secure Key again after reset. To initialize your Aegis Secure Key, perform the following steps: 1. After a complete reset, press UNLOCK + 9. The BLUE LED will glow solidly and the GREEN LED will be blinking. 2. Enter the new Admin PIN and press the UNLOCK button.
Hibernating, Suspending, or Logging Off from the Operating System Be sure to save and close all the files on your Aegis Secure Key before hibernating, suspending, or logging off from the Windows operating system. It is recommended that you lock the Aegis Secure Key manually before hibernating, suspending, or logging off from your system. To log off the Aegis Secure Key, double-click Safely Remove Hardware on the Windows desktop and remove the Aegis Secure Key from your computer.
Diagnostic Mode The keypad has a manual diagnostic mode built-in to verify proper keypad function and troubleshooting key issues. This mode will not allow access to any data or admin function. It can only be used to identify the firmware level and to test button recognition. To enter the diagnostic function: 1. Press UNLOCK, then press UNLOCK + 1, then press and hold 0 for five seconds. The RED and BLUE LEDs will blink alternately. 2.
Lock-Override Mode Certain users may encounter a case where they need the key to remain unlocked during a reboot, passing the key through a virtual machine or other similar situation which, under normal circumstances, would cause the key to lock. To help facilitate this use case, “Lock-Override Mode” will allow the key to remain unlocked through USB port re-enumeration and will not lock again until USB power is interrupted.
Troubleshooting This section contains troubleshooting information for the Aegis Secure Key. If you encounter any of the following problems when using the Aegis Secure Key, refer to the corresponding answers. Q: What can I do if I forget the User PIN? A: Use your Admin PIN to enter the Admin Mode and create another User PIN. Q: What can I do if I forget the Admin PIN? A: There is no other way to retrieve the Admin PIN except a complete reset of the Aegis Secure Key.
A: If an Admin PIN has been previously set, the Admin PIN can be used to unlock the key and recover the data. If you forget the PIN and do not have an Admin PIN, the key can be reset so it can be used again, but the data cannot be recovered. Q: Why does the LED indicate an error when I try to change the PIN? A: PIN requirements for this key must meet a minimum security level. There are several combinations that are not allowed, such as repeating numbers or sequential numbers.
Technical Support Apricorn provides the following helpful resources for you: 1. Apricorn’s Website (http://www.apricorn.com) This gives you the ability to check for up-to-date information 2. E-mail us at support@apricorn.com 3. Or call the Technical Support Department at 1-800-458-5448 Apricorn’s Technical Support Specialists are available from 8:00 a.m. to 5:00 p.m.
© Apricorn, Inc. 2014. All rights reserved. 12191 Kirkham Road Poway, CA, U.S.A. 92064 1-858-513-2000 www.apricorn.
